Sure, but every time /usr/pluto/bin/Network_Firewall.sh runs (on linuxmce firewall rules changes. i.e) the fail2ban rules are lost, that's why i made the option to make it start at the end of this script. May not be the cleanest approach, but i've find out to be the surest.

thx for the wiki page!applied this morning, after my asterisk had been brute forced and extension found with no secret.must have been prior to the sip secrets patch as the phones page on webadmin didn't list the extension in question. Yet freepbx listed the extension.Maybe recreation of an orbiter or MD left me with orphan SIP extensions.

Checked my log today and noticed that it looks like a botnet of some sort is being used to launch brute force attacks: Each login attempt appears to come from a different IP, and so fail2ban isn't doing its job.

I've changed the threshold to 1 invalid login attempt = ban, and hopefully the botnet will run out of bot IPs before it guesses my login/passwords. If I happen to ban myself by accident I'll just have to manually unban myself.

Anyone know if there's a big performance hit from having a huge number of entries in IPTables?